Navigant Research Blog

If you’re a Robert Redford fan, you probably remember 1992’s crime drama, Sneakers. The opening scene of the movie depicts a ragtag team of security experts expertly hacking and breaking into a bank, nabbing $100,000 in cash. The group, consisting of Dan Aykroyd, River Phoenix, and Sidney Poitier, are actually good guys who make a living by being hired by banks to test the vulnerabilities of their security systems.

It turns out that today’s U.S. government has enlisted services similar to those of Redford’s band to test for vulnerabilities in the U.S. electricity grid. A newly released, highly redacted report shows that the National Security Agency (NSA), along with defense contractor Raytheon, has assembled a team of 28 engineers tasked with hacking into the U.S. electricity grid. And, much like Robert Redford’s team in Sneakers, Raytheon has been successful in gaining access to secure systems and infrastructure throughout the nation’s electric grid.

One would hope that the team of NSA and Raytheon “penetration testers” represents the very best hackers in the world and that unwanted attacks on the electric grid are highly unlikely. Unfortunately, countries like Iran and China, along with groups like Anonymous, have shown an increasing willingness and capacity to hack into both private and public websites and networks. Countries and groups like these have found cyber-espionage a relatively easy and cost-effective way to inflict physical and financial damage on the United States. In fact, the Department of Homeland Security said it responded to 95 attacks against energy utilities’ systems in fiscal year 2012.

What Are Utilities Doing?

Pike Research’s Bob Lockhart has evaluated how utilities are protecting against cyber-attacks on their industrial control systems. Control systems, which are the backbone of distribution and substation automation systems, are increasingly reliant on IT-enabled devices. Unfortunately, Pike Research has shown that these embedded IT systems’ “threats and vulnerabilities are many and well known.” Despite yearly revenue of $369 million for 2012, Pike Research’s Industrial Control Systems Security report adds that “technology innovation for the smart grid ICS security is stagnant.” Clearly, a well-functioning electricity grid is a vital part of the U.S. economy, security, and livelihood. While the report mentions that utilities are becoming more proactive in protecting their infrastructure and assets, in the meantime, it doesn’t hurt to have the NSA using a variety of innovative tactics to keep the grid secure. The Sundance Kid probably wouldn’t hurt either.